- Enable SSO for web applications and APIs and centrally manage sessions and access policies for any application.
- Apply access policies at the URL and HTTP method level with an extensible rules engine.
- Ensure that users are signed on with an appropriate authentication level.
- Reduce maintenance and licensing costs by migrating applications away from legacy WAM and IAM products.
Notable Benefits & Features
- Web and API access management
- Integration with existing IAM infrastructures
- Dynamic authentication policy enforcement
- Identity-aware content rewriting and auditing
- Centralized policy management
- Gateway and agent deployment models
- Support for current WAM deployment models
- Enablement of a proxy-based architecture
- Open and lightweight agent protocol with advanced caching directives
- Agents decoupled from the PingAccess policy server for independent upgrades
- Easily integrate with web applications and APIs
- Manage sessions for internal and external users
- Protect and control access to web apps and APIs
- Deploy in less than 30 minutes
- Audit all access correlated by identity and context
Capabilities
Flexible Architecture
PingAccess offers architectural flexibility with both gateway and agent-based deployment options, allowing IT to choose the model appropriate for their environment. The gateway model offers a high-performance reverse proxy that can centrally protect any number of applications. Alternatively, agents installed directly on the servers provide the same access control, web session management and identity-based auditing features as the gateway option without requiring network or infrastructure modifications.
Application Integration
Whether the application has an agent deployed or is expecting an HTTP header, an X.509 client certificate or a legacy WAM token, PingAccess can easily integrate with existing applications without code or architecture changes.
Standards-Centric
PingAccess is designed to embrace standards and avoid vendor lock-in. It uses a JSON Web Token (JWT) to maintain session information and leverages OpenID Connect for user authentication. PingFederate maintains session revocation lists and provides dynamic attribute fulfillment based on these tokens, so user sessions and entitlements are always current. PingAccess also supports signed JWT tokens giving enterprises a more secure and verifiable way to pass user information to back-end sites.
Scalable and Ready for the Cloud
The PingAccess gateway handles tens of thousands of transactions per second with advanced clustering and replication as well as intelligent rate limiting. Built-in load balancing allows PingAccess to distribute requests across multiple back-end servers, reducing network complexity and infrastructure costs. PingAccess is supported on standard operating systems deployed on bare metal or in virtual environments.
PingAccess Agents
- Provide a one-to-one replacement option for migration from your current WAM architecture
- Support for Apache, IIS, and IBM HTTP web servers as well as industry-first support for the popular open source NGINX Plus web server
- Built on an open agent protocol with a supported SDK that customers and partners can use to build their own agents
FedRAMP Solutions for Government
PingAccess is also offered as part of Ping's FedRAMP solutions for government — FedRAMP High, DOD IL5 authorized solutions that meet the U.S. Federal Government's required security controls at the high impact level.